GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → felleslosninger → efm-certvalidator

felleslosninger / efm-certvalidator

Licence: other
Certificate validator for X.509 certificates.

Programming Languages

java
68154 projects - #9 most used programming language

Labels

certificatevalidatorx509pkixtrustcertificate-validation

Projects that are alternatives of or similar to efm-certvalidator

Cfrpki
Cloudflare's RPKI Toolbox
Stars: ✭ 104 (+316%)
Mutual labels:  certificate, validator
Routinator
An RPKI Validator written in Rust
Stars: ✭ 215 (+760%)
Mutual labels:  certificate, validator
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (+440%)
Mutual labels:  certificate, x509
X509
Elixir package for working with X.509 certificates, Certificate Signing Requests (CSRs), Certificate Revocation Lists (CRLs) and RSA/ECC key pairs
Stars: ✭ 68 (+172%)
Mutual labels:  certificate, x509
proofable-image
Build trust into your image by creating a blockchain certificate for it
Stars: ✭ 17 (-32%)
Mutual labels:  certificate, trust
Icingaweb2 Module X509
Keeps track of certificates as they are deployed in a network environment.
Stars: ✭ 78 (+212%)
Mutual labels:  certificate, x509
Pspki
PowerShell PKI Module
Stars: ✭ 189 (+656%)
Mutual labels:  certificate, x509
Forge
A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
Stars: ✭ 4,204 (+16716%)
Mutual labels:  certificate, x509
concerto
A command line tool and a library to generate TLS certificates for development purposes.
Stars: ✭ 34 (+36%)
Mutual labels:  certificate, x509
pki-manager
IT Freelancers : Manage small PKI for multiple projects (or clients) with 2 bash scripts
Stars: ✭ 36 (+44%)
Mutual labels:  certificate, x509
Certlint
X.509 certificate linter, written in Go
Stars: ✭ 60 (+140%)
Mutual labels:  certificate, x509
x509sak
X.509 Swiss Army Knife is a toolkit atop OpenSSL to ease generation of CAs and aid white-hat pentesting
Stars: ✭ 23 (-8%)
Mutual labels:  certificate, x509
Openssl Nodejs
is a package which gives you a possibility to run every OpenSSL command 🔒 in Node.js in a handy way. Moreover, parameters like -in, -keyin, -config and etc can be replaced by a raw data (Buffor).
Stars: ✭ 25 (+0%)
Mutual labels:  certificate, x509
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (+276%)
Mutual labels:  certificate, x509
Certigo
A utility to examine and validate certificates in a variety of formats
Stars: ✭ 662 (+2548%)
Mutual labels:  certificate, x509
Acmetool
🔒 acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt)
Stars: ✭ 1,882 (+7428%)
Mutual labels:  certificate, x509
Cli
🧰 A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.
Stars: ✭ 2,151 (+8504%)
Mutual labels:  certificate, x509
Webpki
WebPKI X.509 Certificate Validation in Rust
Stars: ✭ 311 (+1144%)
Mutual labels:  certificate, x509
Jsrsasign
The 'jsrsasign' (RSA-Sign JavaScript Library) is an opensource free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES JSON Web Signature/Token in pure JavaScript.
Stars: ✭ 2,760 (+10940%)
Mutual labels:  certificate, x509
fortify
Fortify enables web applications to use smart cards, local certificate stores and do certificate enrollment. This is the desktop application repository.
Stars: ✭ 88 (+252%)
Mutual labels:  certificate, x509
View All Similar Projects ➔

Certificate validator for X.509 certificates

Build Status CodeCov Maven Central

This validator is not a single validator, it is set of rules to build the certificate validator (using X.509 certificates) fitting the needs of your business case.

A lot of sensible defaults is used to make it easy to get started using this library. Use a proper IDE to customize to your needs.

Getting started

Include dependency in your pom.xml:

<dependency>
    <groupId>no.difi.commons</groupId>
    <artifactId>commons-certvalidator</artifactId>
    <version>2.1.1</version>
</dependency>

Create your own validator(s):

// Generic validator
Validator validator = ValidatorBuilder.newInstance()
    .addRule(new ExpirationRule())
    .addRule(new SigningRule())
    .addRule(new CRLRule())
    .addRule(new OCSPRule())
    .build();

// Accept only non-expired self-signed certificates
Validator validator = ValidatorBuilder.newInstance()
    .addRule(new ExpirationRule())
    .addRule(SigningRule.SelfSignedOnly())
    .build();

// Is the certificate expiring in less than 7 days?
Validator validator = ValidatorBuilder.newInstance()
    .addRule(new ExpirationSoonRule(7 * 24 * 60 * 60 * 1000))
    .build();
    
// Validate your certificate (throws exception on error)
validator.validate(...);

// Validate your certificate (returns boolean)
validator.isValid(...);

Please note the Validator accepts InputStream, byte[] and X509Certificate as input for validation.

Validators may not only be used to judge a given certificate when in situation to trust or not to trust a certificate. A validator instance may be used to implement logic helping users to handle certificates in a better manner (ie. give a warning before certificate expires).

Available building blocks

  • ChainRule - Validates chain of trust of certificate given access to root certificates and intermediate certificates.
  • CriticalExtensionRule - Validates required or recognized extensions.
  • CRLRule - Use information regarding Certificate Revocation List (CRL) in certificate to validate certificate.
  • DummyRule - Very simple implementation potentially interesting to use in testing.
  • ExpirationSoonRule
  • ExpirationRule
  • OCSPRule - Use information regarding Online Certificate Status Protocol (OCSP) in certificate to validate certificate.
  • PrincipalNameRule
  • SigningRule

Structure

  • Junction - Combine multiple validators into one validator using 'and', 'or' and 'xor'.

Extras

  • NorwegianOrganizationNumberRule (extends PrincipalNameRule) - Implements logic to fetch a norwegian organization number from a certificate given standardization is used.

Exceptions

  • CertificateValidatorException - This is thrown if anything around validation of certificate results in problems.
  • FailedValidationException (extends CertificateValidatorException) - This is thrown when certificate is validated to not be valid.
  • CertificateBucketException (extends CertificateValidatorException) - This is thrown when there are problems regarding certificate buckets.

Creating new rules

All new validation rules must implement the very simple ValidatorRule interface to be included in a chain of rules.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].